package com.oauth.controller;

import com.oauth.projo.User;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import java.util.List;

@RestController
public class TestController {

    @GetMapping("/test")
    public String test(){
        return "test";
    }

    @GetMapping("/test1")
    @PreAuthorize("#oauth2.hasScope('admin:user')")//SecurityExpressionRoot 提供hasRole(),permitAll()等权限校验，
    public String test1(){
        return "test1";
    }

    @GetMapping("/test2")
    @PreAuthorize("@myPermission.hasPermission(#request,#authentication)")//自定义校验
    public String test2(HttpServletRequest request, Authentication authentication){
        return "test2";
    }



    /**
     *可以使用权限表达式以及and or
     *除了角色还可以使用权限hasAuthority
     */
    @PreAuthorize("hasRole('ADMIN') and authentication.name=='admin'")
    @GetMapping("/user")
    public String user(){
        return "user";
    }

    /**
     * 传的参数如果和登录用户的账号相同才能访问
     */
    @PreAuthorize("authentication.name==#username")
    @GetMapping("/name")
    public String name(String username){
        return "name";
    }
    /**
     * 请求方法前对参数过滤 参数必须是数组、集合
     */
    @PreFilter(value = "filterTarget.id%2!=0",filterTarget = "users")
    @GetMapping("/users")
    public String name(@RequestBody List<User> users){
        return "user";
    }
    /**
     * 返回指定的对象
     */
    @PostAuthorize("returnObject.id==1")
    @GetMapping("/userId")
    public String userId(@RequestBody List<User> users){
        return "userId";
    }
    /**
     * 过滤方法的返回值 返回值是数组或者集合
     */
    @PostFilter("filterTarget.id%2==0")
    @GetMapping("/all")
    public String all(@RequestBody List<User> users){
        return "all";
    }

    /**
     * 只能判断角色,可以是多个 ，具有其中一个即可
     */
    @Secured("{ROLE_USER,ROLE_ADMIN}")
    @GetMapping("/Secured")
    public String secured(@RequestBody List<User> users){
        return "Secured";
    }

    /**
     * 放行所有
     */
    @PermitAll
    @GetMapping("/PermitAll")
    public String permitAll(@RequestBody List<User> users){
        return "PermitAll";
    }

    /**
     * 拒绝所有请求
     */
    @DenyAll
    @GetMapping("/denyall")
    public String denyAll(){
        return "denyall";
    }

    /**
     * 具有其中一个角色即可
     */
    @RolesAllowed("{ROLE_ADMIN,ROLE_USER}")
    @GetMapping("/rolseAll")
    public String rolseAll(){
        return "rolseAll";
    }

}
